TotalNET Advanced Server 5.2 Administration Guide

4.3 Administering Secure Authentication

All clients except those using share-mode file services must have file service authentication to access files and resources. TAS provides two methods for authenticating clients: UNIX open authentication and secure authentication.

Clients using open authentication send passwords in clear-text over the network. The file service process checks these passwords against those in the standard UNIX user database, such as /etc/passwd or NIS.

Secure authentication requires a separate, TAS-maintained user-password database. A client using this method does not send a clear-text password over the network. Instead, the client and server exchange a random message, and each encodes it with the user's password. The client sends the result of its encoding to the server, and the server compares it with the result of the server's encoding.

You can use this client-server dialog to create and update user-password entries for file services. You can also name a script file for Windows 95 clients to use when they connect to LM-NT-OS/2 realm services that support this feature.
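The challenge-response exchange described above, as an added example that is not TAS code: HMAC-SHA256 over a PBKDF2-derived key stands in for the TAS encoding, which this guide does not specify, and the `Server` class, function names, and sample credentials are hypothetical. It shows that the server in such a scheme must hold a key derived from the password in its own database, and that each random message must be accepted only once.

```python
import hashlib
import hmac
import secrets

# Assumption: HMAC-SHA256 with a PBKDF2-derived key replaces the unspecified
# TAS encoding. User name and passwords below are constructed sample data.
def derive_key(password: str, user: str) -> bytes:
    """Key both sides compute; the server keeps it in its password database."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), user.encode(), 100_000)

def encode(key: bytes, challenge: bytes) -> bytes:
    """Encode the random message with the user's key."""
    return hmac.new(key, challenge, hashlib.sha256).digest()

class Server:
    def __init__(self):
        self.db = {}       # user -> key: password-equivalent, must be protected
        self.pending = {}  # user -> challenge issued and not yet answered

    def add_user(self, user, password):
        self.db[user] = derive_key(password, user)

    def challenge(self, user):
        c = secrets.token_bytes(16)  # fresh random message per attempt
        self.pending[user] = c
        return c

    def verify(self, user, response):
        c = self.pending.pop(user, None)  # single use, so a replay finds nothing
        key = self.db.get(user)
        if c is None or key is None:
            return False
        return hmac.compare_digest(encode(key, c), response)  # constant time

def client_response(user, password, challenge):
    return encode(derive_key(password, user), challenge)

def demo():
    server = Server()
    server.add_user("alice", "correct horse")
    c1 = server.challenge("alice")
    good = client_response("alice", "correct horse", c1)
    ok = server.verify("alice", good)
    replay_same = server.verify("alice", good)   # challenge already consumed
    server.challenge("alice")
    replay_fresh = server.verify("alice", good)  # old answer, new challenge
    c3 = server.challenge("alice")
    wrong = server.verify("alice", client_response("alice", "guess", c3))
    return ok, replay_same, replay_fresh, wrong
```

In this sketch only the random message and the encoded result cross the network, but anyone who can read `db` can compute valid responses, so the stored keys need the same protection as the passwords themselves.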

Follow these steps to create, modify, or delete a secure authentication user:

  1. Click the Passwords link.

    The Password Users screen appears.

  2. From the list, select the name of the secure authentication user whose password you want to modify or delete, or enter the name of a user you want to add in the text field. If deleting, you may select more than one name. The list is empty if no secure authentication user names exist.

  3. Click Create, Modify, or Delete. The Modify and Delete options do not appear if no secure authentication user names exist.

    If you clicked Create, the Specify New Passwords screen below appears. Go to Step 4.

    If you clicked Modify, the Specify Passwords for username screen appears. It is the same as the Specify New Passwords screen below. Go to Step 4.

    If you clicked Delete, the Confirmation screen appears. Click OK. Do not go to Step 4.

  4. Enter values for the following attributes, as needed:

    • User name -- An existing user entry in the UNIX database. If you clicked Modify, this attribute does not appear.

    • Password -- The user's new password.

    • Repeat password -- Confirmation of the user's new password. Type in the password again.

    • Password for realms -- The realms for which the password changes. If you clicked Create, this option does not appear.

    • Modify Windows 95 logon script only -- The option to modify the logon script options only, ignoring any password options.

    • Use default Windows 95 logon script -- The option to cause the user's client to follow a file service's default logon script. If you select this option, do not enter information for Windows 95 logon script file.

    • Windows 95 logon script file -- The name of a file other than the default to execute when this user first connects. The logon script, an executable file, executes when the PC connects to the server. Make sure that the file exists and executes properly. Also, a volume or attach point named NETLOGON, accessible from the file service to which the user connects, must contain your Windows 95 logon script file. If you enter information for this attribute, do not select Use default Windows 95 logon script.

  5. Click Submit.

    The Creating new Passwords for username or the Updating Passwords for username screen appears.

  6. Click OK.

    To administer secure authentication from the UNIX command line, use the tnpasswd command.